Download presentation
Presentation is loading. Please wait.
1
Accessing MySQL Using PDO Charles Severance www.php-intro.com
3
Web ServerDatabase Server Time Apache PHP MySql Browser JavaScri pt DOMDOM ind.ph p PDOPDO Parse Respons e Parse Reques t
4
Application Structure Database Data Model Application Software (i.e. PHP) EndUser Developer DBA Database Tools (i.e. phpMyAdmin) SQL SQL
5
Multiple Ways to Access MySql PHP is evolving - there are three ways to access MySql Legacy non-OO mysql_ routines (deprecated) New mysqli (OO version that is similar to mysql_) PDO - Portable Data Objects A perfect topic for debate http://php.net/manual/en/mysqlinfo.api.choosing.php
7
Creating a Database and User CREATE DATABASE misc; GRANT ALL ON misc.* TO 'fred'@'localhost' IDENTIFIED BY 'zap'; GRANT ALL ON misc.* TO 'fred'@'127.0.0.1' IDENTIFIED BY 'zap'; USE misc; (if you are in the command line) /Applications/MAMP/Library/bin/mysql -u root -P 8889 -p /Applications/xampp/xamppfiles/bin/mysql -u root -p c:\xampp\mysql\bin\mysql.exe
8
Creating a Table CREATE TABLE users ( user_id INTEGER NOT NULL AUTO_INCREMENT KEY, name VARCHAR(128), email VARCHAR(128), password VARCHAR(128), INDEX(email) ) ENGINE=InnoDB CHARSET=utf8; mysql> describe users; +----------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +----------+------------------+------+-----+---------+----------------+ | user_id | int(11) | NO | PRI | NULL | auto_increment | | name | varchar(128) | YES | | NULL | | | email | varchar(128) | YES | MUL | NULL | | | password | varchar(128) | YES | | NULL | |+----------+------------------+------+-----+----- ----+----------------+
9
Inserting a Few Records INSERT INTO users (name,email,password) VALUES ('Chuck','csev@umich.edu','123'); INSERT INTO users (name,email,password) VALUES ('Glenn','gg@umich.edu','456'); mysql> select * from users; +---------+-------+----------------+----------+ | user_id | name | email | password | +---------+-------+----------------+----------+ | 1 | Chuck | csev@umich.edu | 123 | | 2 | Glenn | gg@umich.edu | 456 |+---------+-------+--------------- -+----------+
10
Database Connection Hostname miscsakai users http://www.php-intro.com/code/pdo.zip
11
Database Connection PHPSoftware SQL Hostname miscsakai id / password users $pdo = new PDO('mysql:host=localhost;port=8889;dbname=misc', 'fred', 'zap'); pdo.php 3306 for xampp/linux
12
<?php echo " \n"; $pdo=new PDO('mysql:host=localhost;port=8889;dbname=misc', 'fred', 'zap'); $stmt = $pdo->query("SELECT * FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { print_r($row); } echo " \n";?> Array( [user_id] => 1 [name] => Chuck [email] => csev@umich.edu [password] => 123 ) Array( [user_id] => 2 [name] => Glenn [email] => gg@umich.edu [password] => 456 ) mysql> select * from users; +---------+-------+----------------+----------+ | user_id | name | email | password |+---------+-------+----------- -----+----------+ | 1 | Chuck | csev@umich.edu | 123 | | 2 | Glenn | gg@umich.edu | 456 | +---------+-------+----------------+----------+ first.php
![< php echo \n ; $pdo=new PDO( mysql:host=localhost;port=8889;dbname=misc , fred , zap ); $stmt = $pdo->query( SELECT * FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { print_r($row); } echo \n ; > Array( [user_id] => 1 [name] => Chuck [ ] => [password] => 123 ) Array( [user_id] => 2 [name] => Glenn [ ] => [password] => 456 ) mysql> select * from users; | user_id | name | | password | | 1 | Chuck | | 123 | | 2 | Glenn | | 456 | first.php](http://images.slideplayer.com./33/9543768/slides/slide_12.jpg "< php echo \n ; $pdo=new PDO( mysql:host=localhost;port=8889;dbname=misc , fred , zap ); $stmt = $pdo->query( SELECT * FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { print_r($row); } echo \n ; > Array( [user_id] => 1 [name] => Chuck [ ] => [password] => 123 ) Array( [user_id] => 2 [name] => Glenn [ ] => [password] => 456 ) mysql> select * from users; | user_id | name | | password | | 1 | Chuck | | 123 | | 2 | Glenn | | 456 | first.php")
13
<?php $pdo = new PDO('mysql:host=localhost;port=8889;dbname=misc', 'fred', 'zap'); $stmt = $pdo->query("SELECT name, email, password FROM users"); echo ' '."\n"; while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" \n"); } echo " \n";?> Chuck csev@umich.edu 123 Glenn gg@umich.edu 456 second.php
![< php $pdo = new PDO( mysql:host=localhost;port=8889;dbname=misc , fred , zap ); $stmt = $pdo->query( SELECT name, , password FROM users ); echo . \n ; while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( \n ); } echo \n ; > Chuck 123 Glenn 456 second.php](http://images.slideplayer.com./33/9543768/slides/slide_13.jpg "< php $pdo = new PDO( mysql:host=localhost;port=8889;dbname=misc , fred , zap ); $stmt = $pdo->query( SELECT name, , password FROM users ); echo . \n ; while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( \n ); } echo \n ; > Chuck 123 Glenn 456 second.php")
14
Pattern Put database connection information in a single file and include it in all your other files Helps make sure to not to mistakenly reveal id / pw Don't check it into a public source repository :)
15
<?php $pdo = new PDO('mysql:host=localhost;port=8889;dbname=misc', 'fred', 'zap'); // See the "errors" folder for details... $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); <?php echo " \n"; require_once "pdo.php"; $stmt = $pdo->query("SELECT * FROM users"); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){ print_r($row); } echo " \n";?> pdo.php third.php Array( [user_id] => 1 [name] => Chuck [email] => csev@umich.edu [password] => 123 ) Array( [user_id] => 2 [name] => Glenn [email] => gg@umich.edu [password] => 456 ) 3306 for xampp/linux
16
Lets put some data in a database!
17
<?php require_once "pdo.php"; if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } ?> Add A New User Name: Email: Password: user1.php
![< php require_once pdo.php ; if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } > Add A New User Name: Password: user1.php](http://images.slideplayer.com./33/9543768/slides/slide_17.jpg "< php require_once pdo.php ; if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } > Add A New User Name: Password: user1.php")
18
mysql> select * from users; +---------+-------+----------------+----------+ | user_id | name | email | password | +---------+-------+----------------+----------+ | 1 | Chuck | csev@umich.edu | 123 | | 2 | Glenn | gg@umich.edu | 456 | | 3 | Fred | fred@umich.edu | YO | +---------+-------+----------------+----------+ user1.php
19
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } ?> <?php $stmt = $pdo->query("SELECT name, email, password FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" \n"); } ?> Add A New User user2.php
![if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } > < php $stmt = $pdo->query( SELECT name, , password FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( \n ); } > Add A New User user2.php](http://images.slideplayer.com./33/9543768/slides/slide_19.jpg "if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } > < php $stmt = $pdo->query( SELECT name, , password FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( \n ); } > Add A New User user2.php")
20
<?php require_once "pdo.php"; if ( isset($_POST['user_id']) ) { $sql="DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip'=>$_POST['user_id'])); } ?> Delete A User ID to Delete: user2del.php Missing a redirect
![< php require_once pdo.php ; if ( isset($_POST[ user_id ]) ) { $sql= DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip =>$_POST[ user_id ])); } > Delete A User ID to Delete: user2del.php Missing a redirect](http://images.slideplayer.com./33/9543768/slides/slide_20.jpg "< php require_once pdo.php ; if ( isset($_POST[ user_id ]) ) { $sql= DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip =>$_POST[ user_id ])); } > Delete A User ID to Delete: user2del.php Missing a redirect")
21
<?php require_once "pdo.php"; if ( isset($_POST['user_id']) ) { $sql="DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip'=>$_POST['user_id'])); } ?> Delete A User ID to Delete: user2del.php Missing a redirect
![< php require_once pdo.php ; if ( isset($_POST[ user_id ]) ) { $sql= DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip =>$_POST[ user_id ])); } > Delete A User ID to Delete: user2del.php Missing a redirect](http://images.slideplayer.com./33/9543768/slides/slide_21.jpg "< php require_once pdo.php ; if ( isset($_POST[ user_id ]) ) { $sql= DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip =>$_POST[ user_id ])); } > Delete A User ID to Delete: user2del.php Missing a redirect")
22
mysql> select * from users; +---------+-------+----------------+----------+ | user_id | name | email | password | +---------+-------+----------------+----------+ | 1 | Chuck | csev@umich.edu | 123 | | 2 | Glenn | gg@umich.edu | 456 | +---------+-------+----------------+----------+
23
user3.php
24
if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); } ?> <?php $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' <input type="hidden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); echo(" \n"); } user3.php
![if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } user3.php](http://images.slideplayer.com./33/9543768/slides/slide_24.jpg "if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } user3.php")
25
echo(' <input type="hidden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); Fred fred@umich.edu YO if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); }
![echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); Fred YO if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); }](http://images.slideplayer.com./33/9543768/slides/slide_25.jpg "echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); Fred YO if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); }")
26
if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); }
![if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); }](http://images.slideplayer.com./33/9543768/slides/slide_26.jpg "if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); }")
27
<?php require_once "pdo.php"; if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); } ?> Program Outline <?php require_once "pdo.php";I f ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); } ?> <?php $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' <input type="huser_idden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); echo(" \n"); } ?> Add A New User Name: Email: Password: < p>
![< php require_once pdo.php ; if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > Program Outline < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>](http://images.slideplayer.com./33/9543768/slides/slide_27.jpg "< php require_once pdo.php ; if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > Program Outline < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>")
28
<?php $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' <input type="hidden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); echo(" \n"); } ?> <?php require_once "pdo.php";I f ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); } ?> <?php $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' <input type="huser_idden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); echo(" \n"); } ?> Add A New User Name: Email: Password: < p>
![< php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>](http://images.slideplayer.com./33/9543768/slides/slide_28.jpg "< php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= hidden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>")
29
Add A New User Name: Email: Password: Program Outline <?php require_once "pdo.php";I f ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; echo(" \n".$sql."\n \n"); $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); } if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); } ?> <?php $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' <input type="huser_idden" '); echo('name="user_id" value="'.$row['user_id'].'">'."\n"); echo(' '); echo("\n \n"); echo(" \n"); } ?> Add A New User Name: Email: Password: < p>
![Add A New User Name: Password: Program Outline < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>](http://images.slideplayer.com./33/9543768/slides/slide_29.jpg "Add A New User Name: Password: Program Outline < php require_once pdo.php ;I f ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; echo( \n .$sql. \n \n ); $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); } if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); } > < php $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( <input type= huser_idden ); echo( name= user_id value= .$row[ user_id ]. > . \n ); echo( ); echo( \n \n ); echo( \n ); } > Add A New User Name: Password: < p>")
31
Recall HTML Injection...
32
Input Guess <input type="text" name="guess" id="guess" value=""> DIE DIE " />
33
SQL Injection SQL injection or SQLi is a code injection technique that exploits a security vulnerability in some computer software. An injection occurs at the database level of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. Using well designed query language interpreters can prevent SQL injections. http://en.wikipedia.org/wiki/SQL_injection
34
SQL Injection This code does it all in a select instead of a prepare/execute pattern but it is prone to SQL Injection – where and why? if ( isset($_POST['email']) && isset($_POST['password']) ) { $e = $_POST['email']; $p = $_POST['password']; $sql = "SELECT name FROM users WHERE email = '$e' AND password = '$p'"; $stmt = $pdo->query($sql); login1.php Note: For PHP < 5.4 – this might not fail, actually – look up "stripslashes"
35
What Could Go Wrong? login1.php
36
http://xkcd.com/327/
37
if ( isset($_POST['email']) && isset($_POST['password']) ) { $e = $_POST['email']; $p = $_POST['password']; $sql = "SELECT name FROM users WHERE email = '$e' AND password = '$p'"; $stmt = $pdo->query($sql); login1.php
![if ( isset($_POST[ ]) && isset($_POST[ password ]) ) { $e = $_POST[ ]; $p = $_POST[ password ]; $sql = SELECT name FROM users WHERE = $e AND password = $p ; $stmt = $pdo->query($sql); login1.php](http://images.slideplayer.com./33/9543768/slides/slide_37.jpg "if ( isset($_POST[ ]) && isset($_POST[ password ]) ) { $e = $_POST[ ]; $p = $_POST[ password ]; $sql = SELECT name FROM users WHERE = $e AND password = $p ; $stmt = $pdo->query($sql); login1.php")
38
Use Prepared Statements Properly login2.php if ( isset($_POST['email']) && isset($_POST['password']) ) { echo("Handling POST data...\n"); $sql = "SELECT name FROM users WHERE email = :em AND password = :pw"; echo " \n$sql\n \n"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':em' => $_POST['email'], ':pw' => $_POST['password'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); When the statement is executed, the placeholders get replaced with the actual strings and everything is automatically escaped!
![Use Prepared Statements Properly login2.php if ( isset($_POST[ ]) && isset($_POST[ password ]) ) { echo( Handling POST data...\n ); $sql = SELECT name FROM users WHERE = :em AND password = :pw ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :em => $_POST[ ], :pw => $_POST[ password ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); When the statement is executed, the placeholders get replaced with the actual strings and everything is automatically escaped!](http://images.slideplayer.com./33/9543768/slides/slide_38.jpg "Use Prepared Statements Properly login2.php if ( isset($_POST[ ]) && isset($_POST[ password ]) ) { echo( Handling POST data...\n ); $sql = SELECT name FROM users WHERE = :em AND password = :pw ; echo \n$sql\n \n ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :em => $_POST[ ], :pw => $_POST[ password ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); When the statement is executed, the placeholders get replaced with the actual strings and everything is automatically escaped!")
39
PDO Error Handling: What Could Go Wrong?
40
if ( !isset($_GET['user_id']) ) die('user_id=1 GET parameter required'); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":xyz" => $_GET['id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo(" user_id not found \n"); } else { echo(" user_id found \n"); } errors/error0.ph p
![if ( !isset($_GET[ user_id ]) ) die( user_id=1 GET parameter required ); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error0.ph p](http://images.slideplayer.com./33/9543768/slides/slide_40.jpg "if ( !isset($_GET[ user_id ]) ) die( user_id=1 GET parameter required ); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error0.ph p")
41
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":pizza" => $_GET['user_id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo(" user_id not found \n"); } else { echo(" user_id found \n"); } errors/error1.ph p
![$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error1.ph p](http://images.slideplayer.com./33/9543768/slides/slide_41.jpg "$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error1.ph p")
42
http://php.net/manual/en/pdo.error-handling.php
43
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":pizza" => $_GET['user_id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo(" user_id not found \n"); } else { echo(" user_id found \n"); } errors/error1.php
![$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error1.php](http://images.slideplayer.com./33/9543768/slides/slide_43.jpg "$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { echo( user_id not found \n ); } else { echo( user_id found \n ); } errors/error1.php")
44
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":pizza" => $_GET['user_id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION['error'] = 'Bad value for user_id'; header( 'Location: index.php' ) ; return; } errors/error2.php
![$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } errors/error2.php](http://images.slideplayer.com./33/9543768/slides/slide_44.jpg "$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } errors/error2.php")
45
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":pizza" => $_GET['user_id'])); } catch (Exception $ex ) { echo("Exception message: ".$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error3.php
![$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); } catch (Exception $ex ) { echo( Exception message: .$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error3.php](http://images.slideplayer.com./33/9543768/slides/slide_45.jpg "$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); } catch (Exception $ex ) { echo( Exception message: .$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error3.php")
46
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":pizza" => $_GET['user_id'])); } catch (Exception $ex ) { echo("Internal error, please contact support"); error_log("error4.php, SQL error=".$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error4.php
![$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); } catch (Exception $ex ) { echo( Internal error, please contact support ); error_log( error4.php, SQL error= .$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error4.php](http://images.slideplayer.com./33/9543768/slides/slide_46.jpg "$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :pizza => $_GET[ user_id ])); } catch (Exception $ex ) { echo( Internal error, please contact support ); error_log( error4.php, SQL error= .$ex->getMessage()); return; } $row = $stmt->fetch(PDO::FETCH_ASSOC); errors/error4.php")
47
Where do error_log()'s go? When in doubt look at PHPInfo
48
Where do error_log()'s go? File Paths: /Applications/MAMP/logs/php_error.log c:\xampp\php\logs\php_error_log Open the log file and scroll to the bottom Watch the log actively On Mac / Linux use: tail -f filename Windows: http://ophilipp.free.fr/op_tail.htm (mTail)
51
CRUD!
52
CRUD Pattern When we store things in database tables we generally need Create - Insert a new row Read - Read existing row(s) Update - Change some values of a record Delete - Delete a record So far we have done 3/4 of CRUD
53
Our Program is a little Ugly Usually we create several screens Add new row View all rows (paging) View single row Edit single row Delete a row
54
Five Separate Files index.php - Main list and links to other files add.php - Add a new entry delete.php - Delete an entry edit.php - Edit existing view.php (if index.php needs a detail view)
56
<?php require_once "pdo.php"; session_start(); ?> <?php if ( isset($_SESSION['error']) ) { echo ' '.$_SESSION['error']." \n"; unset($_SESSION['error']); } if ( isset($_SESSION['success']) ) { echo ' '.$_SESSION['success']." \n"; unset($_SESSION['success']); } echo(' '."\n"); index.php
![< php require_once pdo.php ; session_start(); > < php if ( isset($_SESSION[ error ]) ) { echo .$_SESSION[ error ]. \n ; unset($_SESSION[ error ]); } if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]); } echo( . \n ); index.php](http://images.slideplayer.com./33/9543768/slides/slide_56.jpg "< php require_once pdo.php ; session_start(); > < php if ( isset($_SESSION[ error ]) ) { echo .$_SESSION[ error ]. \n ; unset($_SESSION[ error ]); } if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]); } echo( . \n ); index.php")
57
echo(' '."\n"); $stmt = $pdo->query("SELECT name, email, password, user_id FROM users"); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo " "; echo($row['name']); echo(" "); echo($row['email']); echo(" "); echo($row['password']); echo(" "); echo(' Edit / '); echo(' Delete '); echo("\n \n"); echo(" \n"); } ?> Add New index.php
![echo( . \n ); $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( Edit / ); echo( Delete ); echo( \n \n ); echo( \n ); } > Add New index.php](http://images.slideplayer.com./33/9543768/slides/slide_57.jpg "echo( . \n ); $stmt = $pdo->query( SELECT name, , password, user_id FROM users ); while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) { echo ; echo($row[ name ]); echo( ); echo($row[ ]); echo( ); echo($row[ password ]); echo( ); echo( Edit / ); echo( Delete ); echo( \n \n ); echo( \n ); } > Add New index.php")
58
Chuck csev@umich.edu 123 Edit / Delete Glenn gg@umich.edu 456 Edit / Delete
59
<?php require_once "pdo.php"; session_start(); if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); $_SESSION['success'] = 'Record Added'; header( 'Location: index.php' ) ; return; } ?> Add A New User Name: Email: Password: Cancel add.php
![< php require_once pdo.php ; session_start(); if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); $_SESSION[ success ] = Record Added ; header( Location: index.php ) ; return; } > Add A New User Name: Password: Cancel add.php](http://images.slideplayer.com./33/9543768/slides/slide_59.jpg "< php require_once pdo.php ; session_start(); if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); $_SESSION[ success ] = Record Added ; header( Location: index.php ) ; return; } > Add A New User Name: Password: Cancel add.php")
60
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) { $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'])); $_SESSION['success'] = 'Record Added'; header( 'Location: index.php' ) ; return; if ( isset($_SESSION['success']) ) { echo ' '.$_SESSION['success']." \n"; unset($_SESSION['success']); }
![if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); $_SESSION[ success ] = Record Added ; header( Location: index.php ) ; return; if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]); }](http://images.slideplayer.com./33/9543768/slides/slide_60.jpg "if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ])) { $sql = INSERT INTO users (name, , password) VALUES (:name, : , :password) ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ])); $_SESSION[ success ] = Record Added ; header( Location: index.php ) ; return; if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]); }")
61
<?php require_once "pdo.php"; session_start(); if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); $_SESSION['success'] = 'Record deleted'; header( 'Location: index.php' ) ; return; } $stmt = $pdo->prepare("SELECT name, user_id FROM users where user_id = :xyz"); $stmt->execute(array(":xyz" => $_GET['user_id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION['error'] = 'Bad value for user_id'; header( 'Location: index.php' ) ; return; } ?> Confirm: Deleting <input type="hidden" name="user_id" value=" "> Cancel delete.php Don't alter data in a GET.
![< php require_once pdo.php ; session_start(); if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); $_SESSION[ success ] = Record deleted ; header( Location: index.php ) ; return; } $stmt = $pdo->prepare( SELECT name, user_id FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } > Confirm: Deleting <input type= hidden name= user_id value= > Cancel delete.php Don t alter data in a GET.](http://images.slideplayer.com./33/9543768/slides/slide_61.jpg "< php require_once pdo.php ; session_start(); if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); $_SESSION[ success ] = Record deleted ; header( Location: index.php ) ; return; } $stmt = $pdo->prepare( SELECT name, user_id FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } > Confirm: Deleting <input type= hidden name= user_id value= > Cancel delete.php Don t alter data in a GET.")
62
if ( isset($_SESSION['success']) ) { echo ' '.$_SESSION['success']." \n"; unset($_SESSION['success']);} if ( isset($_POST['delete']) && isset($_POST['user_id']) ) { $sql = "DELETE FROM users WHERE user_id = :zip"; $stmt = $pdo->prepare($sql); $stmt->execute(array(':zip' => $_POST['user_id'])); $_SESSION['success'] = 'Record deleted'; header( 'Location: index.php' ) ; return; }
![if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]);} if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); $_SESSION[ success ] = Record deleted ; header( Location: index.php ) ; return; }](http://images.slideplayer.com./33/9543768/slides/slide_62.jpg "if ( isset($_SESSION[ success ]) ) { echo .$_SESSION[ success ]. \n ; unset($_SESSION[ success ]);} if ( isset($_POST[ delete ]) && isset($_POST[ user_id ]) ) { $sql = DELETE FROM users WHERE user_id = :zip ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :zip => $_POST[ user_id ])); $_SESSION[ success ] = Record deleted ; header( Location: index.php ) ; return; }")
63
<?php require_once "pdo.php"; session_start(); if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['user_id']) ) { $sql = "UPDATE users SET name = :name, email = :email, password = :password WHERE user_id = :user_id"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'], ':user_id' => $_POST['user_id'])); $_SESSION['success'] = 'Record updated'; header( 'Location: index.php' ) ; return; } $stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz"); $stmt->execute(array(":xyz" => $_GET['user_id'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION['error'] = 'Bad value for user_id'; header( 'Location: index.php' ) ; return; } edit.php
![< php require_once pdo.php ; session_start(); if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ]) && isset($_POST[ user_id ]) ) { $sql = UPDATE users SET name = :name, = : , password = :password WHERE user_id = :user_id ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ], :user_id => $_POST[ user_id ])); $_SESSION[ success ] = Record updated ; header( Location: index.php ) ; return; } $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } edit.php](http://images.slideplayer.com./33/9543768/slides/slide_63.jpg "< php require_once pdo.php ; session_start(); if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ]) && isset($_POST[ user_id ]) ) { $sql = UPDATE users SET name = :name, = : , password = :password WHERE user_id = :user_id ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ], :user_id => $_POST[ user_id ])); $_SESSION[ success ] = Record updated ; header( Location: index.php ) ; return; } $stmt = $pdo->prepare( SELECT * FROM users where user_id = :xyz ); $stmt->execute(array( :xyz => $_GET[ user_id ])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ( $row === false ) { $_SESSION[ error ] = Bad value for user_id ; header( Location: index.php ) ; return; } edit.php")
64
$n = htmlentities($row['name']); $e = htmlentities($row['email']); $p = htmlentities($row['password']); $user_id = htmlentities($row['user_id']); ?> Edit User Name: "> Email: "> Password: "> Cancel edit.php
![$n = htmlentities($row[ name ]); $e = htmlentities($row[ ]); $p = htmlentities($row[ password ]); $user_id = htmlentities($row[ user_id ]); > Edit User Name: > > Password: > Cancel edit.php](http://images.slideplayer.com./33/9543768/slides/slide_64.jpg "$n = htmlentities($row[ name ]); $e = htmlentities($row[ ]); $p = htmlentities($row[ password ]); $user_id = htmlentities($row[ user_id ]); > Edit User Name: > > Password: > Cancel edit.php")
65
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['user_id']) ) { $sql = "UPDATE users SET name = :name, email = :email, password = :password WHERE user_id = :user_id"; $stmt = $pdo->prepare($sql); $stmt->execute(array( ':name' => $_POST['name'], ':email' => $_POST['email'], ':password' => $_POST['password'], ':user_id' => $_POST['user_id'])); $_SESSION['success'] = 'Record updated'; header( 'Location: index.php' ) ; return; } edit.php
![if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ]) && isset($_POST[ user_id ]) ) { $sql = UPDATE users SET name = :name, = : , password = :password WHERE user_id = :user_id ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ], :user_id => $_POST[ user_id ])); $_SESSION[ success ] = Record updated ; header( Location: index.php ) ; return; } edit.php](http://images.slideplayer.com./33/9543768/slides/slide_65.jpg "if ( isset($_POST[ name ]) && isset($_POST[ ]) && isset($_POST[ password ]) && isset($_POST[ user_id ]) ) { $sql = UPDATE users SET name = :name, = : , password = :password WHERE user_id = :user_id ; $stmt = $pdo->prepare($sql); $stmt->execute(array( :name => $_POST[ name ], : => $_POST[ ], :password => $_POST[ password ], :user_id => $_POST[ user_id ])); $_SESSION[ success ] = Record updated ; header( Location: index.php ) ; return; } edit.php")
66
Summary Making database connections Doing database operations SQL security (a.k.a. we love PDO prepared statements) Exploring errors... A multi-file CRUD application with redirect
67
Acknowledgements / Contributions These slides are Copyright 2010- Charles R. Severance (www.dr-chuck.com) as part of www.php-intro.com and made available under a Creative Commons Attribution 4.0 License. Please maintain this last slide in all copies of the document to comply with the attribution requirements of the license. If you make a change, feel free to add your name and organization to the list of contributors on this page as you republish the materials. Initial Development: Charles Severance, University of Michigan School of Information Insert new Contributors and Translators here including names and dates Continue new Contributors and Translators here
Similar presentations
